14 matches found
EUVD-2002-2079
Malware in sbrugna...
CVE-2012-6634
wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a postid value...
CVE-2002-2100
Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content...
CVE-2021-39740
In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID...
CVE-2021-39740
In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID...
CVE-2021-39740
In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID...
CVE-2021-39740
CVE-2021-39740 affects the Android 12L messaging path. The issue arises from improper input validation in messaging, allowing an attacker to bypass attachment restrictions and cause local information disclosure without requiring user interaction or privileges. The vulnerability is categorized und...
Outlook for Web Bans 38 More File Extensions in Email Attachments
Malware or computer virus can infect your computer in several different ways, but one of the most common methods of its delivery is through malicious file attachments over emails that execute the malware when you open them. Therefore, to protect its users from malicious scripts and executable,...
The vulnerability of the Microsoft Dynamics resource planning software, related to security configuration errors, allows a hacker to circumvent existing restrictions on embedded email files.
The vulnerability of the Microsoft Dynamics resource planning software is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to circumvent existing restrictions on email attachments by intercepting POST requests...
CVE-2014-8988
MantisBT before 1.2.18 allows remote authenticated users to bypass the $gdownloadattachmentsthreshold and $gviewattachmentsthreshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download...
Cross site request forgery (csrf)
MantisBT before 1.2.18 allows remote authenticated users to bypass the $gdownloadattachmentsthreshold and $gviewattachmentsthreshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download...
CVE-2014-8988
MantisBT before 1.2.18 allows remote authenticated users to bypass the $gdownloadattachmentsthreshold and $gviewattachmentsthreshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download...
CVE-2014-8988
CVE-2014-8988 affects MantisBT
Discuz跨域数据劫持+附件类型限制绕过
简要描述: 两个凑一块发了 详细说明: 1 跨域数据劫持(csrf token formhash盗取) 下载远程附件功能不会对文件内容(文件格式)进行检测导致可以上传恶意的swf文件(扩展名还是图片扩展名),进而进行跨域数据劫持: 伪造图片CrossDomainDataHijack.jpg相关代码: package com.powerflasher.SampleApp import flash.external.ExternalInterface; import flash.display.Sprite; import flash.display.Sprite; import...